CVE-2022-3279

An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs...

CVE-2022-2931

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage...

PT-2022-20228 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 14.4 through 15.2.5 GitLab CE/EE versions 15.3 through 15.3.4 GitLab CE/EE versions 15.4 through 15.4.1 Description: An issue in the Import functionality allows an authenticated user to read arbitrary projects' content...

CVE-2022-3060

CVE-2022-3060 concerns GitLab CE/EE with an improper control of a resource identifier in Error Tracking. Affected products include GitLab CE/EE versions from 12.7 onward. The root issue allows an authenticated attacker to generate content that could cause a victim to make unintended arbitrary req...

CVE-2022-3325

Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an unauthorised user...

PT-2022-21470 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.2.5 GitLab CE/EE versions 15.3 prior to 15.3.4 GitLab CE/EE versions 15.4 prior to 15.4.1 Description: An unhandled exception in job log parsing allows an attacker to prevent access to job logs...

CVE-2022-3283

GitLab CE/EE vulnerability CVE-2022-3283 affects GitLab versions prior to 15.2.5, and specific ranges in later releases (before 15.3.4 and before 15.4.1). The root cause is a potential denial-of-service: when cloning an issue, a specially crafted description could trigger high CPU usage, potentia...

CVE-2022-2527

An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2.which allowed an authenticated attacker to inject arbitrary content. A victim...

PT-2022-20060 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.1.6 GitLab CE/EE versions 15.2 through 15.2.3 GitLab CE/EE versions 15.3 through 15.3.1 Description: An issue has been discovered in GitLab CE/EE that may allow an attacker to guess a user's password by brute...

CVE-2022-3283

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used ...

CVE-2022-2455

A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing ...

PT-2022-21546 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 15.2.5 GitLab CE/EE versions 15.3 prior to 15.3.4 GitLab CE/EE versions 15.4 prior to 15.4.1 Description: A branch/tag name confusion issue allows an attacker to manipulate pages where the content of the default...

CVE-2022-2455

A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing ...

CVE-2022-2884

A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

CVE-2022-2931

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage...

CVE-2022-3279

An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs...

CVE-2022-3288

A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected...

CVE-2022-3283

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used ...

CVE-2022-3288

A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected...

CVE-2022-3031

An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific...